Executive Summary

Summary
Title Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability
Informations
Name cisco-sa-20180606-multiplatform-sip First vendor Publication 2018-06-06
Vendor Cisco Last vendor Modification 2018-06-06
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition.

The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbGAZDXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczGjsP/iwxgGmFfKlk8gYg7DqdkJzpPJpq NyPCkwv4W7Y522G097G46+2RaNsEzDsQI9X9QuN+c9dHmM/5b5LWKJPGAkUaB/Jv enl4Y8oG+BruI81t3YxKzeRPTx7cQ9xVXJB9j9NQUOxsKcyYinMcLximzoqQJ/ji Cz1lumojIqq3h/qNSksq8VcohGSjIbEcZQ93jK7eczWLSFzkLwJHK12cYXpivJtm 5Sm4Y2k2HIB89Hh11O4QMpprbF2SwnRnYKkLQwK4GfIW3086A4kCkMrS1wlpfmUo 7/PT61yvpRMzvFOvkDRqtEmhgYVIV7tweiLf2iMujHiqyP1G/2pT5PNHB6g8yKDl Rxzln9blp9Bw7MJq43OgXAejBCp7+yFeibXpzPsEu1Wi9k+85S2kEMLkjGQRpYAO EPwQwpHJ70Yo3KtRnKL73FT4Ki8dpRjQs08O2Uo+B0d3l9uQjCAIwZlAUNV1tUiU xLWz/FehK5aU2gqyTJ2FTPiHdoakdtM3/2HnFc9PIbMfOOK0Amnn9RwDI7J9E+e4 hH91ZopgfzVql7+dVVGPpEpGoJgy4LFiTCHA7jTU8B8SKq/xIi75r/ezAg4XRrlA VewxXcSjsP/gqKKvby22LFh7JMKKuPoaIcMIE92B9EP6wRbmaZVQexCv/1R542Yr Q/vPBA5rfVZacMNt =QrNY END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-755 Improper Handling of Exceptional Conditions

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2018-07-20 17:21:13
  • Multiple Updates
2018-06-07 17:21:02
  • Multiple Updates
2018-06-06 21:19:04
  • First insertion